From 3a5940a91c6ae3d8b03cb49053a9fcc20e5743cc Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 23 Mar 2021 22:50:53 +0100 Subject: krops: 1.24.1 -> 1.25.0 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index c2fa48550..cccebf3ff 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit c2fa48550f2bb46009b9cecdb9ac838dc402ce19 +Subproject commit cccebf3ff7a53336b3f106cb96dddd5892d427ed -- cgit v1.2.3 From e41239db3caa26405ed61c394dd58d31521f80b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Apr 2021 22:01:35 +0200 Subject: l: searx init at 1.0.0 --- lass/5pkgs/searx/default.nix | 69 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 lass/5pkgs/searx/default.nix diff --git a/lass/5pkgs/searx/default.nix b/lass/5pkgs/searx/default.nix new file mode 100644 index 000000000..e5ce5788a --- /dev/null +++ b/lass/5pkgs/searx/default.nix @@ -0,0 +1,69 @@ +{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }: + +with python3Packages; + +toPythonModule (buildPythonApplication rec { + pname = "searx"; + version = "1.0.0"; + + # Can not use PyPI because certain test files are missing. + src = fetchFromGitHub { + owner = "searx"; + repo = "searx"; + rev = "v${version}"; + sha256 = "0ghkx8g8jnh8yd46p4mlbjn2zm12nx27v7qflr4c8xhlgi0px0mh"; + }; + + postPatch = '' + sed -i 's/==.*$//' requirements.txt + ''; + + preBuild = '' + export SEARX_DEBUG="true"; + ''; + + propagatedBuildInputs = [ + Babel + certifi + dateutil + flask + flaskbabel + gevent + grequests + jinja2 + langdetect + lxml + ndg-httpsclient + pyasn1 + pyasn1-modules + pygments + pysocks + pytz + pyyaml + requests + speaklater + werkzeug + ]; + + # tests try to connect to network + doCheck = false; + # checkInputs = [ + # Babel mock nose2 covCore pep8 plone-testing splinter + # unittest2 zope_testrunner selenium + # ]; + + postInstall = '' + # Create a symlink for easier access to static data + mkdir -p $out/share + ln -s ../${python3.sitePackages}/searx/static $out/share/ + ''; + + passthru.tests = { inherit (nixosTests) searx; }; + + meta = with lib; { + homepage = "https://github.com/searx/searx"; + description = "A privacy-respecting, hackable metasearch engine"; + license = licenses.agpl3Plus; + maintainers = with maintainers; [ matejc fpletz globin danielfullmer ]; + }; +}) -- cgit v1.2.3 From 9ae85f32e3c23fdd535ac3e905f1891ecba2923d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Apr 2021 17:34:23 +0200 Subject: go: store urls in redis --- krebs/3modules/go.nix | 48 ++++++++++++++---------------------------------- 1 file changed, 14 insertions(+), 34 deletions(-) diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 4df73509c..5686fea3f 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -20,61 +20,41 @@ let }; imp = { + services.redis = { + enable = true; + }; + krebs.htgen.go = { port = cfg.port; script = ''. ${pkgs.writeDash "go" '' - find_item() { - if test ''${#1} -ge 7; then - set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ - -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" - if test -n "$1" && test $(echo "$1" | wc -l) = 1; then - echo "$1" - return 0 - fi - fi - return 1 - } - - STATEDIR=$HOME - mkdir -p "$STATEDIR/items" + set -x case "$Method $Request_URI" in "GET /"*) - if item=$(find_item "''${Request_URI#/}"); then - uri=$(cat "$item") + if item=$(${pkgs.redis}/bin/redis-cli --raw get "''${Request_URI#/}"); then printf 'HTTP/1.1 302 Found\r\n' printf 'Content-Type: text/plain\r\n' printf 'Connection: closed\r\n' - printf 'Location: %s\r\n' "$uri" + printf 'Location: %s\r\n' "$item" printf '\r\n' exit fi ;; "POST /") - uri=$(mktemp -t htgen.$$.content.XXXXXXXX) - trap 'rm $uri >&2' EXIT - - head -c "$req_content_length" \ + uri=$(head -c "$req_content_length" \ | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ | xargs -0 echo -e \ | tee /tmp/tee.log \ | ${pkgs.urix}/bin/urix \ | head -1 \ - > "$uri" - sha256=$(sha256sum -b "$uri" | cut -d\ -f1) - base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") - item="$STATEDIR/items/$base32" - ref="http://$req_host/$base32" + ) - if ! test -e "$item"; then - mkdir -v -p "$STATEDIR/items" >&2 - cp -v "$uri" "$item" >&2 - fi + sha256=$(echo "$uri" | sha256sum -b | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") + base32short=$(echo "$base32" | cut -b-5) + ${pkgs.redis}/bin/redis-cli set "$base32short" "$uri" >/dev/null - base32short=$(echo "$base32" | cut -b-7) - if item=$(find_item "$base32short"); then - ref="http://$req_host/$base32short" - fi + ref="http://$req_host/$base32short" printf 'HTTP/1.1 200 OK\r\n' printf 'Content-Type: text/plain; charset=UTF-8\r\n' -- cgit v1.2.3 From af6b58bc087f745b900d47b41764b29ac554917e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Apr 2021 21:40:35 +0200 Subject: realwallpaper: move pkgs into export --- krebs/3modules/realwallpaper.nix | 9 --------- krebs/5pkgs/simple/realwallpaper/default.nix | 23 +++++++++++++++++++---- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index cfa8a65ba..86b74a8ca 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -42,15 +42,6 @@ let description = "real wallpaper generator"; after = [ "network.target" ]; - path = with pkgs; [ - xplanet - imagemagick - inkscape - curl - file - jq - ]; - environment = { working_dir = cfg.workingDir; marker_url = cfg.marker; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 04a2a6718..aafabb7b6 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -1,6 +1,21 @@ { pkgs, ... }: pkgs.writers.writeDashBin "generate-wallpaper" '' - set -euf + set -xeuf + + export PATH=${with pkgs; lib.makeBinPath [ + coreutils + curl + gnugrep + gnused + file + findutils + grib2json + imagemagick + inkscape + jq + nomads-cloud + xplanet + ]} # usage: getimg FILENAME URL fetch() { @@ -118,7 +133,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' # fetch clouds if they are older than 3h if ! test "$(find clouds-raw.png -mmin -180)"; then - ${pkgs.nomads-cloud}/bin/nomads-cloud clouds-raw.png + nomads-cloud clouds-raw.png fi in_size=3600x1800 @@ -161,14 +176,14 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' fi if needs_rebuild krebs.png krebs-raw.svg; then - inkscape -z -e krebs.png -w 16 -h 16 krebs-raw.svg + inkscape --export-type="png" --export-width=16 --export-height=16 --export-filename=krebs.png krebs-raw.svg fi # -- Planets -- for planet in mercury venus mars jupiter saturn uranus neptune; do if needs_rebuild "$planet".png "$planet"-raw.svg; then sed -i 's/#000/#FE8019/g' "$planet"-raw.svg - inkscape -z -e "$planet".png -w 40 -h 40 "$planet"-raw.svg + inkscape --export-type="png" --export-width=40 --export-height=40 --export-filename="$planet.png" "$planet-raw.svg" fi done -- cgit v1.2.3 From 0f21f4250a7e5037cc0cf9a0416857e7da16d30a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Apr 2021 21:43:18 +0200 Subject: nomads-cloud: fix url --- krebs/5pkgs/simple/nomads-cloud/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/nomads-cloud/default.nix b/krebs/5pkgs/simple/nomads-cloud/default.nix index 6e4ace484..97cf10d1f 100644 --- a/krebs/5pkgs/simple/nomads-cloud/default.nix +++ b/krebs/5pkgs/simple/nomads-cloud/default.nix @@ -10,7 +10,8 @@ writers.writeDashBin "nomads-cloud" '' date=$(${coreutils}/bin/date +%Y%m%d) for hour in 18 12 06 00; do - url="https://nomads.ncep.noaa.gov/cgi-bin/filter_gfs_0p25_1hr.pl?file=gfs.t''${hour}z.pgrb2.0p25.anl&lev_entire_atmosphere_%5C%28considered_as_a_single_layer%5C%29=on&var_CWAT=on&leftlon=-180&rightlon=180&toplat=90&bottomlat=-90&dir=%2Fgfs.$date%2F$hour" + url="https://nomads.ncep.noaa.gov/cgi-bin/filter_gfs_0p25_1hr.pl?file=gfs.t''${hour}z.pgrb2.0p25.anl&lev_entire_atmosphere_%5C%28considered_as_a_single_layer%5C%29=on&var_CWAT=on&leftlon=-180&rightlon=180&toplat=90&bottomlat=-90&dir=%2Fgfs.''${date}%2F''${hour}%2Fatmos" + echo "$url" ${curl}/bin/curl -fsS "$url" > "$grib_path" if [ "$?" -eq 0 ]; then break -- cgit v1.2.3 From a9da6e0e5bc2e9d4b5141de39942f77e546a425f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Apr 2021 11:29:24 +0200 Subject: go: use last 5 hash characters for short urls --- krebs/3modules/go.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 5686fea3f..fea25e036 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -51,7 +51,7 @@ let sha256=$(echo "$uri" | sha256sum -b | cut -d\ -f1) base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") - base32short=$(echo "$base32" | cut -b-5) + base32short=$(echo "$base32" | cut -c48-52) ${pkgs.redis}/bin/redis-cli set "$base32short" "$uri" >/dev/null ref="http://$req_host/$base32short" -- cgit v1.2.3 From aec780247000278c7c46c7ff30f215009a79454c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 May 2021 17:37:10 +0200 Subject: realwallpaper: add version with star constellations --- krebs/5pkgs/simple/realwallpaper/default.nix | 33 +++++++++++++++++++- .../simple/realwallpaper/get_constellations.py | 36 ++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 krebs/5pkgs/simple/realwallpaper/get_constellations.py diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index aafabb7b6..c9b2e76b6 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -271,6 +271,32 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' shade=15 ''} + ${pkgs.writers.writePython3 "get_constellations" { + libraries = [ pkgs.python3Packages.astropy ]; + } ./get_constellations.py} ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/ofrohn/d3-celestial/d2e20e104b86429d90ac8227a5b021262b45d75a/data/constellations.lines.json"; + sha256 = "0g71fdrnxvxd6pcqvihj2q9iaynrl7px45kzw6qm1kymynz6ckr9"; + }} > constellations.arcs + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-stars-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs-stars.config" '' + [default] + + arc_thickness=1 + arc_file=constellations.arcs + + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds.png + cloud_threshold=1 + cloud_gamma=10 + marker_file=marker_file + shade=15 + ''} + # trim xplanet output if needs_rebuild realwallpaper.png xplanet-output.png; then convert xplanet-output.png -crop $out_geometry \ @@ -278,7 +304,6 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' mv realwallpaper-tmp.png realwallpaper.png fi - # trim xplanet output if needs_rebuild realwallpaper-marker.png xplanet-marker-output.png; then convert xplanet-marker-output.png -crop $out_geometry \ realwallpaper-marker-tmp.png @@ -292,6 +317,12 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' mkdir -p archive convert realwallpaper-krebs.png archive/"$(date -Is)".jpg fi + + if needs_rebuild realwallpaper-krebs-stars.png xplanet-krebs-stars-output.png; then + convert xplanet-krebs-stars-output.png -crop $out_geometry \ + realwallpaper-krebs-stars-tmp.png + mv realwallpaper-krebs-stars-tmp.png realwallpaper-krebs-stars.png + fi } main "$@" diff --git a/krebs/5pkgs/simple/realwallpaper/get_constellations.py b/krebs/5pkgs/simple/realwallpaper/get_constellations.py new file mode 100644 index 000000000..5d8d3df5d --- /dev/null +++ b/krebs/5pkgs/simple/realwallpaper/get_constellations.py @@ -0,0 +1,36 @@ +from astropy.coordinates import SkyCoord, ITRS, representation +from astropy.time import Time +import json +import sys + + +def convert_to_itrs(coord): + c = SkyCoord(coord[0], coord[1], unit='degree', frame='icrs') + c_itrs = c.transform_to(ITRS(obstime=Time.now())) + rep = c_itrs.represent_as(representation.UnitSphericalRepresentation) + return [rep.lat.deg, rep.lon.deg] + + +def points_to_lines(points): + lines = [] + for x in range(len(points) - 1): + lines.append([points[x], points[x+1]]) + return lines + + +with open(sys.argv[1]) as f: + constellations = json.load(f)['features'] + +output = [] + +for const in constellations: + for line in const['geometry']['coordinates']: + transformed_line = [] + for point in line: + transformed_line.append(convert_to_itrs(point)) + + line_combined = points_to_lines(transformed_line) + for l in line_combined: # noqa + output.append(f'{l[0][0]} {l[0][1]} {l[1][0]} {l[1][1]} # {const["id"]}') # noqa + +print('\n'.join(output)) -- cgit v1.2.3 From 19a03764b539123074140f7f0613ab0bfc3814df Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 May 2021 17:40:21 +0200 Subject: l realwallpaper: serve krebs-stars --- lass/2configs/realwallpaper.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 7a2f6e916..c873ae4d5 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -28,6 +28,9 @@ in { locations."/realwallpaper-krebs.png".extraConfig = '' root /var/realwallpaper/; ''; + locations."/realwallpaper-krebs-stars.png".extraConfig = '' + root /var/realwallpaper/; + ''; locations."/realwallpaper-video.mp4".extraConfig = '' root /var/realwallpaper/archive; ''; -- cgit v1.2.3 From fd3dff19ed4952a6a92cb3ebf40e52c7ba81d563 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 May 2021 17:48:27 +0200 Subject: l fetchWallpaper: use stars version --- lass/2configs/fetchWallpaper.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 065ee9c42..251f886a9 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,8 +5,7 @@ let in { krebs.fetchWallpaper = { enable = true; - unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/realwallpaper-krebs.png"; + url = "prism/realwallpaper-krebs-stars.png"; }; } -- cgit v1.2.3 From 020154a8599142dae4f9ac838fe1657dbf0da8d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 May 2021 19:09:47 +0200 Subject: realwallpaper: add krebs-stars-berlin version --- krebs/5pkgs/simple/realwallpaper/default.nix | 26 ++++++++++++++++++++++++++ lass/2configs/realwallpaper.nix | 3 +++ 2 files changed, 29 insertions(+) diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index c9b2e76b6..8728c0ae7 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -297,6 +297,26 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' shade=15 ''} + xplanet --num_times 1 --geometry $xplanet_out_size \ + --latitude 52.520008 --longitude 13.404954 \ + --output xplanet-krebs-stars-berlin-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs-stars.config" '' + [default] + + arc_thickness=1 + arc_file=constellations.arcs + + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds.png + cloud_threshold=1 + cloud_gamma=10 + marker_file=marker_file + shade=15 + ''} + # trim xplanet output if needs_rebuild realwallpaper.png xplanet-output.png; then convert xplanet-output.png -crop $out_geometry \ @@ -323,6 +343,12 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' realwallpaper-krebs-stars-tmp.png mv realwallpaper-krebs-stars-tmp.png realwallpaper-krebs-stars.png fi + + if needs_rebuild realwallpaper-krebs-stars-berlin.png xplanet-krebs-stars-berlin-output.png; then + convert xplanet-krebs-stars-berlin-output.png -crop $out_geometry \ + realwallpaper-krebs-stars-berlin-tmp.png + mv realwallpaper-krebs-stars-berlin-tmp.png realwallpaper-krebs-stars-berlin.png + fi } main "$@" diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index c873ae4d5..0bae91d89 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -31,6 +31,9 @@ in { locations."/realwallpaper-krebs-stars.png".extraConfig = '' root /var/realwallpaper/; ''; + locations."/realwallpaper-krebs-stars-berlin.png".extraConfig = '' + root /var/realwallpaper/; + ''; locations."/realwallpaper-video.mp4".extraConfig = '' root /var/realwallpaper/archive; ''; -- cgit v1.2.3 From 950a735472f2b09b08119ba79f10c54a9efb28e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 May 2021 17:59:52 +0200 Subject: l: (re)init echelon.r (with ssh tor unlocking) --- krebs/3modules/lass/default.nix | 40 ++++++++++++++++++ lass/1systems/echelon/config.nix | 14 +++++++ lass/1systems/echelon/physical.nix | 33 +++++++++++++++ .../tests/dummy-secrets/initrd/ssh.ed25519_key | 0 lass/2configs/tor-initrd.nix | 49 ++++++++++++++++++++++ 5 files changed, 136 insertions(+) create mode 100644 lass/1systems/echelon/config.nix create mode 100644 lass/1systems/echelon/physical.nix create mode 100644 lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key create mode 100644 lass/2configs/tor-initrd.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 300ea2ccc..d29988be2 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -742,6 +742,46 @@ in { syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; }; + echelon = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.3"; + ip6.addr = r6 "4"; + aliases = [ + "echelon.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp + 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A + MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe + UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V + rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez + gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO + c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna + dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze + ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D + KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq + GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr + 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "3"; + aliases = [ + "echelon.w" + ]; + wireguard.pubkey = '' + SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; + }; + }; users = rec { lass = lass-yubikey; diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix new file mode 100644 index 000000000..9e72916b3 --- /dev/null +++ b/lass/1systems/echelon/config.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: +{ + imports = [ + + + + + ]; + + krebs.build.host = config.krebs.hosts.echelon; + + boot.tmpOnTmpfs = true; +} + diff --git a/lass/1systems/echelon/physical.nix b/lass/1systems/echelon/physical.nix new file mode 100644 index 000000000..fbacc3927 --- /dev/null +++ b/lass/1systems/echelon/physical.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = [ + ./config.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.initrd.luks.devices.luksroot.device = "/dev/sda3"; + + networking.useDHCP = false; + networking.interfaces.ens18.useDHCP = true; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/5186edb1-9234-48ae-8679-61facb56b818"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/56D1-34A0"; + fsType = "vfat"; + }; + +} diff --git a/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key b/lass/2configs/tests/dummy-secrets/initrd/ssh.ed25519_key new file mode 100644 index 000000000..e69de29bb diff --git a/lass/2configs/tor-initrd.nix b/lass/2configs/tor-initrd.nix new file mode 100644 index 000000000..64e64b5b3 --- /dev/null +++ b/lass/2configs/tor-initrd.nix @@ -0,0 +1,49 @@ +{config, pkgs, ... }: +## unlock command: +# (pass admin/$host/root;echo) | torify ssh root@$(pass hosts/$host/initrd/hostname) 'cat > /crypt-ramfs/passphrase' +{ + boot.initrd.network.enable = true; + boot.initrd.network.ssh = { + enable = true; + port = 22; + authorizedKeys = [ + config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-green.pubkey + ]; + hostKeys = [ ]; + }; + boot.initrd.availableKernelModules = [ "e1000e" ]; + + boot.initrd.secrets = { + "/etc/tor/onion/bootup" = ; + }; + + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.tor}/bin/tor + ''; + + # start tor during boot process + boot.initrd.network.postCommands = let + torRc = (pkgs.writeText "tor.rc" '' + DataDirectory /etc/tor + SOCKSPort 127.0.0.1:9050 IsolateDestAddr + SOCKSPort 127.0.0.1:9063 + HiddenServiceDir /etc/tor/onion/bootup + HiddenServicePort 22 127.0.0.1:22 + ''); + in '' + echo "tor: preparing onion folder" + # have to do this otherwise tor does not want to start + chmod -R 700 /etc/tor + + echo "make sure localhost is up" + ip a a 127.0.0.1/8 dev lo + ip link set lo up + + echo "tor: starting tor" + tor -f ${torRc} --verify-config + tor -f ${torRc} & + ''; +} + -- cgit v1.2.3 From aa5ffde456fc12e879b3ffceb84533a664bc3095 Mon Sep 17 00:00:00 2001 From: rtjure Date: Tue, 4 May 2021 16:32:42 +0200 Subject: [PATCH] External: added public key and reference --- krebs/3modules/external/default.nix | 1 + krebs/3modules/external/ssh/rtjure.pub | 1 + 2 files changed, 2 insertions(+) create mode 100644 krebs/3modules/external/ssh/rtjure.pub diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index c8e360a1e..809d5a7db 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -671,6 +671,7 @@ in { pubkey = ssh-for "raute"; }; rtjure = { + pubkey = ssh-for "rtjure"; }; sokratess = { }; diff --git a/krebs/3modules/external/ssh/rtjure.pub b/krebs/3modules/external/ssh/rtjure.pub new file mode 100644 index 000000000..4c69e1836 --- /dev/null +++ b/krebs/3modules/external/ssh/rtjure.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVFTzk646b/XXTFyWoKLw92jLmqC3EwAURtSZkWPxcZv+OPd76cgLl2bKgEHZ1/n4784zqNM85q+pk1NJfaTNB2SMksM5p8yFdCKcrMci0mdIcjp53z0SxUU4EozUnuntfFPnvjMAG5i1ppungkala9svc6x4vHuinHSvGXDJW7YsF5vSbDppGvgji9HKN8iagPhT1gnOf4o5ZqgD9cwS/3cXZx+gcSNnEolhr1WKcglDGeMJKQoNLkfojgLw4ZE4DpNYN5CJ64adZOXun9DrhV2iYgkKurJ9CxJXSP9ULQKKMayDCJBE5XTWxgH6oyOAjurYQoYozI4/yKZXRgrIz97gHgXqh45/q64gNe9XbLXzhz4neOE77L1WYEE+sUYqXIlKwtFQHqYLuU09ZCkiKft9N0A2Lpcm0m7ebpSBd6PH8sF9hrAjtNACReTYritXF7b+LT5Zkxu98BgK36rcOnMkPpMm+svh+MiCCE4jm6HT+O2yikYSnc2q7W6ljjxs= rtjure@nxdc -- cgit v1.2.3 From 5b33b477e1b19964e71b9d3ad0d392c2538fd1e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 15 Feb 2021 19:55:25 +0100 Subject: mic92: add okelmann --- krebs/3modules/external/mic92.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 306ab34eb..baa54e9e1 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -303,6 +303,27 @@ in { }; }; }; + okelmann = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.190"; + aliases = [ + "okelmann.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxquUuiW9a304H9Ls81+2BMm4bviDUU2Zogu0F1mPp6X8TpdjYpDs + +tlakSTEPHo+aIdcV9rHpjOC3tirNbYU56D8DdoSo1Ra6XNFbxWrw7usSR9gz7L+ + kYp1Uij4gKTfg6YQkU0lkufk13if6zvb/GjoBUTS/Tx+8sZm2/JKEK8JLQaCkmMu + LAUTsHj35Q8S99TzCLAoQLo136AtvPqcwwHVwkdX+S4WqtlODxfJ7T+9KFxGg54B + 1M6btg8iL5sdTFrLIBi7oK6GuLK9izvZ4O9O9H2bStW6LodqPtw2v5WA8li+YJx7 + LBgLO4aAAA6bF9WFcYyKBh6iCX0WxB7LowIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; martha = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From ffeda392b109ee6231a5fc12a4b4a7076674dce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 16 Feb 2021 08:09:00 +0100 Subject: mic92: remove dpdkm/inspector --- krebs/3modules/external/mic92.nix | 53 --------------------------------------- 1 file changed, 53 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index baa54e9e1..3f327855a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -152,30 +152,6 @@ in { }; }; }; - dpdkm = { - owner = config.krebs.users.mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; herbert = { owner = config.krebs.users.mic92; nets = rec { @@ -199,35 +175,6 @@ in { }; }; }; - inspector = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; eddie = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From 424b062676f879e10efae625002d73d20aee26ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 24 Feb 2021 14:09:22 +0100 Subject: add github action for autosync --- .github/dependabot.yml | 6 ++++++ .github/workflows/repo-sync.yml | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/repo-sync.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..5ace4600a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml new file mode 100644 index 000000000..4284463f9 --- /dev/null +++ b/.github/workflows/repo-sync.yml @@ -0,0 +1,19 @@ +on: + schedule: + - cron: "*/15 * * * *" + workflow_dispatch: + +jobs: + repo-sync: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + persist-credentials: false + - name: repo-sync + uses: repo-sync/github-sync@v2 + with: + source_repo: "https://git.thalheim.io/Mic92/stockholm.git" + source_branch: "master" + destination_branch: "master" + github_token: ${{ secrets.PAT }} -- cgit v1.2.3 From b2501a0dedc6b8ba4698b28db25cc9c6883a2324 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 22 Mar 2021 12:38:20 +0100 Subject: mic92: add anindya --- krebs/3modules/external/mic92.nix | 45 +++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 3f327855a..e0a3fe2a2 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -252,23 +252,40 @@ in { }; okelmann = { owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.190"; + nets.retiolum = { + ip4.addr = "10.243.29.190"; aliases = [ "okelmann.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAxquUuiW9a304H9Ls81+2BMm4bviDUU2Zogu0F1mPp6X8TpdjYpDs - +tlakSTEPHo+aIdcV9rHpjOC3tirNbYU56D8DdoSo1Ra6XNFbxWrw7usSR9gz7L+ - kYp1Uij4gKTfg6YQkU0lkufk13if6zvb/GjoBUTS/Tx+8sZm2/JKEK8JLQaCkmMu - LAUTsHj35Q8S99TzCLAoQLo136AtvPqcwwHVwkdX+S4WqtlODxfJ7T+9KFxGg54B - 1M6btg8iL5sdTFrLIBi7oK6GuLK9izvZ4O9O9H2bStW6LodqPtw2v5WA8li+YJx7 - LBgLO4aAAA6bF9WFcYyKBh6iCX0WxB7LowIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxquUuiW9a304H9Ls81+2BMm4bviDUU2Zogu0F1mPp6X8TpdjYpDs + +tlakSTEPHo+aIdcV9rHpjOC3tirNbYU56D8DdoSo1Ra6XNFbxWrw7usSR9gz7L+ + kYp1Uij4gKTfg6YQkU0lkufk13if6zvb/GjoBUTS/Tx+8sZm2/JKEK8JLQaCkmMu + LAUTsHj35Q8S99TzCLAoQLo136AtvPqcwwHVwkdX+S4WqtlODxfJ7T+9KFxGg54B + 1M6btg8iL5sdTFrLIBi7oK6GuLK9izvZ4O9O9H2bStW6LodqPtw2v5WA8li+YJx7 + LBgLO4aAAA6bF9WFcYyKBh6iCX0WxB7LowIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + anindya = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.191"; + aliases = [ + "anindya.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu + +J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP + aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz + 4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK + ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1 + Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; martha = { -- cgit v1.2.3 From 52a7e2c299a6f0418712a7cc6336f465bdbd31fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 23 Mar 2021 12:31:38 +0100 Subject: mic92: add dimitra --- krebs/3modules/external/mic92.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index e0a3fe2a2..87eb114e0 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -288,6 +288,25 @@ in { ''; }; }; + dimitra = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.192"; + aliases = [ + "dimitra.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAtgvjWP2KIawJDk32P8Uiwz95REACx43CXUIgcBx5qg9ZQrHnJZxH + RkXLnWUmjpnEmPUfvg/b8YCyoHgzD6GQEXcWaiMXBQ/nsrSEN4mpY7tzInerzGsv + /M66WzPUWSUC9kbncLXt+2A64B23h1ki+MyMyKGIpHq21+F1b6ZHW2rkMnk3BKa4 + aJKNfadjP4V1lnPd40VBpcA3dlQfGF057GJz+2fzlfh1Bp41r/uP2NHieSAlyBws + IaVZPWbfxFyYU8JbrlYUAlLjdXFG1meo5On0K0N8tTBKfnD1nwSqTPAfM7WqOm4A + ImYB8LzjmIdXM+QUqbVFTgiY4jBDg61krwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; martha = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From 0beccdf2249cfb5db981b10e49db860717c12b86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 30 Mar 2021 09:45:39 +0200 Subject: mic92: update harsha's key --- krebs/3modules/external/mic92.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 87eb114e0..bc1a5a8d9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -467,12 +467,12 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv - 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC - pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r - NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44 - 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd - WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB + MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39 + P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o + MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg + dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h + TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K + zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB -----END RSA PUBLIC KEY----- ''; }; -- cgit v1.2.3 From 3429fcae08e04a2c13280e0e9ca3f2bd1225c101 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 13 Apr 2021 16:10:27 +0200 Subject: mic92: add philipsaendig --- krebs/3modules/external/mic92.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index bc1a5a8d9..3d8ed97de 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -307,6 +307,25 @@ in { ''; }; }; + philipsaendig = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.193"; + aliases = [ + "philipsaendig.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAyWdCrXD0M9CIt0ZgVB6W5ozOvLDoxPmGzLBJUnAZV8f9oqfaIEIX + 5TIaxozN3QMEgS0ChaOHTNFiQZjiiwJL/wPx1eFvKfDkkn7ayrRS/pP+bKhcDpKl + 4tPejipee9T2ZhYg9tbk291CDBe1fHR5S2F8kPm8OuqwE2Fv9N8wldcsDLxHcTZl + +wp4Oe/Wn5WLvZb3SUao17vKnNBLfMMCGC01yRfhZub41NkGYVWBjErsIVxQ+/rF + Y7DdCekus+BQCKz+beEmtzG7d0Xwqwkif51HQ05CvwFNEtdUGodd8OrIO+gpIV6S + oN+Q5zxsenLo6QRfsLD+nn7A7qbzd57kUwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; martha = { owner = config.krebs.users.mic92; nets = rec { -- cgit v1.2.3 From b8670c2db5f0f86dee6cd7f260980c2742782abd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 21 Apr 2021 20:04:51 +0200 Subject: mic92: add sauron --- krebs/3modules/external/mic92.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 3d8ed97de..a2a154ebe 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -386,6 +386,34 @@ in { }; }; }; + sauron = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.75"; + aliases = [ "sauron.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.sauron.nets.retiolum.ip4.addr + config.krebs.hosts.sauron.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.194"; + aliases = [ "sauron.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ + GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1 + XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E + W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf + 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG + 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; rock = { owner = config.krebs.users.mic92; nets = { -- cgit v1.2.3 From 8235cbb5076cddc94f42d8f2204d4a94f2c93c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 28 Apr 2021 18:13:54 +0200 Subject: mic92: add bill --- krebs/3modules/external/mic92.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index a2a154ebe..d9862fe35 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -414,6 +414,29 @@ in { }; }; }; + bill = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.bill.nets.retiolum.ip4.addr + config.krebs.hosts.bill.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.195"; + aliases = [ "bill.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj + CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9 + GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8 + KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t + zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE + bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; rock = { owner = config.krebs.users.mic92; nets = { -- cgit v1.2.3 From f6f57f0f836077d6f119dbfc6be78ae80971c612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 28 Apr 2021 18:44:17 +0200 Subject: mic92: add nardile --- krebs/3modules/external/mic92.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index d9862fe35..36d5c5ca6 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -437,6 +437,29 @@ in { }; }; }; + nardile = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.nardile.nets.retiolum.ip4.addr + config.krebs.hosts.nardile.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.173"; + aliases = [ "nardile.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf + qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj + 80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka + AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK + FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj + fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; rock = { owner = config.krebs.users.mic92; nets = { -- cgit v1.2.3 From 18a50e5238b7308b3d1e538bba76b40a920f451a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 28 Apr 2021 18:47:18 +0200 Subject: mic92: rename nardile to nardole --- krebs/3modules/external/mic92.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 36d5c5ca6..15136cbce 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -437,16 +437,16 @@ in { }; }; }; - nardile = { + nardole = { owner = config.krebs.users.mic92; nets = rec { retiolum = { addrs = [ - config.krebs.hosts.nardile.nets.retiolum.ip4.addr - config.krebs.hosts.nardile.nets.retiolum.ip6.addr + config.krebs.hosts.nardole.nets.retiolum.ip4.addr + config.krebs.hosts.nardole.nets.retiolum.ip6.addr ]; ip4.addr = "10.243.29.173"; - aliases = [ "nardile.r" ]; + aliases = [ "nardole.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf -- cgit v1.2.3 From 2ffceb97a93035a4d4b568b6b4ed43fd9c795a33 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 May 2021 18:23:56 +0200 Subject: nixpkgs: dec334f -> a565a21 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 44a5d0c37..6a5bcdfa5 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "dec334fa196a4aeedb1b60d8f7d61aa00d327499", - "date": "2021-04-14T01:54:42+02:00", - "path": "/nix/store/x1dkzxknsrf0060pz1vwa7ibmq7899wb-nixpkgs", - "sha256": "1sm1p2qliz11qw6va01knm0rikhpq2h4c70ci98vi4q26y4q9z72", + "rev": "a565a2165ab6e195d7c105a8416b8f4b4d0349a4", + "date": "2021-05-04T00:01:38+02:00", + "path": "/nix/store/6gp6c5bhcwmywnr0dp8z0qa82kvk48vr-nixpkgs", + "sha256": "1x90qm533lh8xh172rqfcj3pwg8imyx650xgr41rqppmm6fli4w1", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From bae51c6252ba0130046a1e05f53c6f83ed79929f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 May 2021 18:24:26 +0200 Subject: nixpkgs-unstable: 04a2b26 -> 7cb7620 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 25389ad9c..b8a2e515b 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "04a2b269d8921505a2969fc9ec25c1f517f2b307", - "date": "2021-03-30T01:32:47-04:00", - "path": "/nix/store/wb6m2d6p3kadk6pbqdjq3ydswbvmb0lq-nixpkgs", - "sha256": "15hgx2i71pqgvzv56jwzfs8rkhjbm35wk1i6mxrqbq6wd0y10isv", + "rev": "7cb76200088f45cd24a9aa67fd2f9657943d78a4", + "date": "2021-05-03T22:48:10+02:00", + "path": "/nix/store/ly8ysjcrb689d095snc83apj3xlkkb14-nixpkgs", + "sha256": "12q3jy364nrcixfnd522jc9piagnc16p5b5l57mgp01lk311k7z1", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 667347429fb39f68d1f8167ca08bf505e5c8c086 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 5 May 2021 11:43:58 +0200 Subject: exim: remove 4.94+fixes; upstream has caught up --- krebs/5pkgs/override/default.nix | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index e5867926e..926e9dccd 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -10,21 +10,6 @@ self: super: { }; }); - exim = super.exim.overrideAttrs (old: rec { - version = warnOldVersion old.version "4.95+fixes"; - src = self.fetchgit { - url = "git://git.exim.org/exim.git"; - rev = "cdb37db5c0ff060de7edfc94e830cab6b7f7c084"; - sha256 = "1xaxs1p8yy5f04an5g9mxhj5cvbnzj0xfb50aa1xxkhkqkspzlsg"; - postFetch = /* sh */ '' - ${self.gnutar}/bin/tar xf ${old.src} - ${self.rsync}/bin/rsync -vac "$out"/src/ exim-4.94/src - rm -R "$out" - mv exim-4.94 "$out" - ''; - }; - }); - flameshot = super.flameshot.overrideAttrs (old: rec { patches = old.patches or [] ++ [ (self.writeText "flameshot-imgur.patch" /* diff */ '' -- cgit v1.2.3 From 516cf1fc0fd852a6165f9f19e21de0d5bed76eed Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 May 2021 17:53:06 +0200 Subject: nixpkgs: a565a21 -> d90df56 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 6a5bcdfa5..1d1dee220 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "a565a2165ab6e195d7c105a8416b8f4b4d0349a4", - "date": "2021-05-04T00:01:38+02:00", - "path": "/nix/store/6gp6c5bhcwmywnr0dp8z0qa82kvk48vr-nixpkgs", - "sha256": "1x90qm533lh8xh172rqfcj3pwg8imyx650xgr41rqppmm6fli4w1", + "rev": "d90df566caff6ef84f7bfccc2a2c95496f221d62", + "date": "2021-05-04T18:59:22-04:00", + "path": "/nix/store/3jr3hwykb05r9m5g3phpx6f7k2956ny3-nixpkgs", + "sha256": "0f1im9c83kyc465k5lsqyhb5saki3dgh5bb1gyyh7gmqlhyvqcax", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 451cf918eb70fe0abb56276a17f134196d9cd12a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 May 2021 17:53:22 +0200 Subject: nixpkgs-unstable: 7cb7620 -> 39e6bf7 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index b8a2e515b..83ae57a6f 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7cb76200088f45cd24a9aa67fd2f9657943d78a4", - "date": "2021-05-03T22:48:10+02:00", - "path": "/nix/store/ly8ysjcrb689d095snc83apj3xlkkb14-nixpkgs", - "sha256": "12q3jy364nrcixfnd522jc9piagnc16p5b5l57mgp01lk311k7z1", + "rev": "39e6bf76474ce742eb027a88c4da6331f0a1526f", + "date": "2021-05-04T23:07:42+02:00", + "path": "/nix/store/9zbih9x2pfi782vv73v0vjxscmzyf4da-nixpkgs", + "sha256": "1pxigbywdq4yf7smas6zq4vhakbkvm1vhj443qjikh77fc8hy17b", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From fe45bafe1d8b573887e55d05c854608fdb184a5a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 May 2021 06:54:56 +0200 Subject: external: add nxdc.r --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 809d5a7db..7a2075702 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -537,6 +537,32 @@ in { }; }; }; + nxdc = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.125"; + aliases = [ + "nxdc.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA2mKpvIpNOlX7adMUQvcExJfPMf7oZggqJBL43nYSOzqK4b3rMUrY + SgCYQp9YMf4CMbAuPe4nzAHt9fHqIwNmN8YRh29ku/5tPZDg+OK8zRPoapaeABU4 + nvW3IxWdGGxyoh9E5MkjHh0Q8Hwt220ZSV5XhlySNOm0cbYRmUqoUtekN+BAzHzA + nl9Ew0iCfeu06XlIn/z1vCFxv8Vk5M0dFk87JP0Gpt0JOgVbATPPnsZUNqmrNpQv + IDroHUSRQRQmMYs1rlDGC+06QIHOj1WTNxbbntMAPEn9WLaptnSpznJQAvX6hbc/ + zBwJE4eWkwgpgQcBlqbTE0Zp0T9mU4cpED5dh7X+DU3pDh3T3Tfr+9wIOmNBEaxq + a6dQ5kkOTtAIsQ4WIazNMKTJF/abGqjvqJLTAbQjX24ZgpMwH05vodh2Y1KJB2pu + XHFqlMgIBnG4lZuS5ZfidLb2b6pl02dG3wTijHrjZFjBQyYCcpcsGoq1iIErae7T + HFsjPH+wOKnj1UOxcArl1cubC3QFNHs9bvAFqGzm3u8N4rV71/DTi++Ph3kZ7ed0 + fR1tW6GVv0icL2rhaATBVgGaMiglaeyRcbiEpkYD0VC499xgPF3JFDxnmBR1g1jZ + 5UtQV1h8QpBUWkRH/rU1OwhZ/KNcN3Mx5mhs5MSl/Bn/Kwe2URS6eKsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { -- cgit v1.2.3 From c64c97ac80d9f919573c8396cd3522a9bf0b0444 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 May 2021 12:06:09 +0200 Subject: nixpkgs: d90df56 -> 21ff930 --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 1d1dee220..7a16fab63 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d90df566caff6ef84f7bfccc2a2c95496f221d62", - "date": "2021-05-04T18:59:22-04:00", - "path": "/nix/store/3jr3hwykb05r9m5g3phpx6f7k2956ny3-nixpkgs", - "sha256": "0f1im9c83kyc465k5lsqyhb5saki3dgh5bb1gyyh7gmqlhyvqcax", + "rev": "21ff9308b75d448765f7c3704a1459a3d8e1c844", + "date": "2021-05-14T13:57:54+00:00", + "path": "/nix/store/xdd7c619y10n0fll9zk32fzd62yhil90-nixpkgs", + "sha256": "0i32d1q5v9a0q4y1s010afn6vxljbliilq5cs63mk6sdw3kryj2b", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 7e018afe85af22916f070a242d9d1667791e3457 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 May 2021 12:18:22 +0200 Subject: nixpkgs-unstable: 39e6bf7 -> d1601a4 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 83ae57a6f..da50df9c9 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "39e6bf76474ce742eb027a88c4da6331f0a1526f", - "date": "2021-05-04T23:07:42+02:00", - "path": "/nix/store/9zbih9x2pfi782vv73v0vjxscmzyf4da-nixpkgs", - "sha256": "1pxigbywdq4yf7smas6zq4vhakbkvm1vhj443qjikh77fc8hy17b", + "rev": "d1601a40c48426ae460eede1675fd1d6ee23e198", + "date": "2021-05-13T06:19:30-04:00", + "path": "/nix/store/6ifpfakc5am0dz25w40y2jgr4jhvr3iz-nixpkgs", + "sha256": "00nl5b0ncqrcv6zr000dxk1jdvs7aj4s53njiyrh3sn78w1nghl6", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From f1c47ae668eb3fa47a8c4ea952b81c9a909391a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 May 2021 23:59:03 +0200 Subject: solanum: init at 2021-04-27 --- krebs/5pkgs/simple/solanum/bandb.patch | 12 +++++ krebs/5pkgs/simple/solanum/default.nix | 63 ++++++++++++++++++++++ .../5pkgs/simple/solanum/dont-create-logdir.patch | 14 +++++ 3 files changed, 89 insertions(+) create mode 100644 krebs/5pkgs/simple/solanum/bandb.patch create mode 100644 krebs/5pkgs/simple/solanum/default.nix create mode 100644 krebs/5pkgs/simple/solanum/dont-create-logdir.patch diff --git a/krebs/5pkgs/simple/solanum/bandb.patch b/krebs/5pkgs/simple/solanum/bandb.patch new file mode 100644 index 000000000..7d204398b --- /dev/null +++ b/krebs/5pkgs/simple/solanum/bandb.patch @@ -0,0 +1,12 @@ +diff --git a/ircd/bandbi.c b/ircd/bandbi.c +index 29a3bfa2..16a40f17 100644 +--- a/ircd/bandbi.c ++++ b/ircd/bandbi.c +@@ -83,7 +83,6 @@ start_bandb(void) + const char *suffix = ""; + #endif + +- rb_setenv("BANDB_DBPATH", ircd_paths[IRCD_PATH_BANDB], 1); + if(bandb_path == NULL) + { + snprintf(fullpath, sizeof(fullpath), "%s%cbandb%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix); diff --git a/krebs/5pkgs/simple/solanum/default.nix b/krebs/5pkgs/simple/solanum/default.nix new file mode 100644 index 000000000..279cccbcc --- /dev/null +++ b/krebs/5pkgs/simple/solanum/default.nix @@ -0,0 +1,63 @@ +{ lib, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, bison +, flex +, openssl +, sqlite +, lksctp-tools +}: + +stdenv.mkDerivation rec { + pname = "solanum"; + version = "unstable-2021-04-27"; + + src = fetchFromGitHub { + owner = "solanum-ircd"; + repo = pname; + rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925"; + sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f"; + }; + + patches = [ + ./dont-create-logdir.patch + ./bandb.patch # https://github.com/solanum-ircd/solanum/issues/156 + ]; + + configureFlags = [ + "--enable-epoll" + "--enable-ipv6" + "--enable-openssl=${openssl.dev}" + "--with-program-prefix=solanum-" + "--localstatedir=/var/lib" + "--with-rundir=/run" + "--with-logdir=/var/log" + ] ++ lib.optionals (stdenv.isLinux) [ + "--enable-sctp=${lksctp-tools.out}/lib" + ]; + + nativeBuildInputs = [ + autoreconfHook + bison + flex + pkg-config + ]; + + buildInputs = [ + openssl + sqlite + ]; + + doCheck = !stdenv.isDarwin; + + enableParallelBuilding = true; + + meta = with lib; { + description = "An IRCd for unified networks"; + homepage = "https://github.com/solanum-ircd/solanum"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ hexa ]; + platforms = platforms.unix; + }; +} diff --git a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch new file mode 100644 index 000000000..e348dd7b8 --- /dev/null +++ b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch @@ -0,0 +1,14 @@ +diff --git a/Makefile.am b/Makefile.am +index 19e7b396..21093521 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -35,9 +35,6 @@ include/serno.h: + echo '#define DATECODE 0UL' >>include/serno.h; \ + fi + +-install-data-hook: +- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir} +- + install-exec-hook: + rm -f ${DESTDIR}${libdir}/*.la + rm -f ${DESTDIR}${moduledir}/*.la -- cgit v1.2.3 From 08cf800ccaadc9f266bf812274b773cbf598524a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 May 2021 23:59:41 +0200 Subject: modules: charybdis -> solanum --- krebs/2configs/ircd.nix | 4 +- krebs/3modules/charybdis.nix | 109 ------------------------------------------- krebs/3modules/default.nix | 2 +- krebs/3modules/solanum.nix | 107 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 110 insertions(+), 112 deletions(-) delete mode 100644 krebs/3modules/charybdis.nix create mode 100644 krebs/3modules/solanum.nix diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 3ef2e7d2b..d4ac9e42a 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,9 +5,9 @@ 6667 6669 ]; - systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384; + systemd.services.solanum.serviceConfig.LimitNOFILE = 16384; - krebs.charybdis = { + krebs.solanum = { enable = true; motd = '' hello diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix deleted file mode 100644 index 038d79dd0..000000000 --- a/krebs/3modules/charybdis.nix +++ /dev/null @@ -1,109 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) mkEnableOption mkIf mkOption singleton types; - inherit (pkgs) coreutils charybdis; - cfg = config.krebs.charybdis; - - configFile = pkgs.writeText "charybdis.conf" '' - ${cfg.config} - ''; -in - -{ - - ###### interface - - options = { - - krebs.charybdis = { - - enable = mkEnableOption "Charybdis IRC daemon"; - - config = mkOption { - type = types.str; - description = '' - Charybdis IRC daemon configuration file. - ''; - }; - - statedir = mkOption { - type = types.str; - default = "/var/lib/charybdis"; - description = '' - Location of the state directory of charybdis. - ''; - }; - - user = mkOption { - type = types.str; - default = "ircd"; - description = '' - Charybdis IRC daemon user. - ''; - }; - - group = mkOption { - type = types.str; - default = "ircd"; - description = '' - Charybdis IRC daemon group. - ''; - }; - - motd = mkOption { - type = types.nullOr types.lines; - default = null; - description = '' - Charybdis MOTD text. - - Charybdis will read its MOTD from /etc/charybdis/ircd.motd . - If set, the value of this option will be written to this path. - ''; - }; - - }; - - }; - - - ###### implementation - - config = mkIf cfg.enable (lib.mkMerge [ - { - users.users.${cfg.user} = { - description = "Charybdis IRC daemon user"; - uid = config.ids.uids.ircd; - group = cfg.group; - }; - - users.groups.${cfg.group} = { - name = cfg.group; - gid = config.ids.gids.ircd; - }; - - systemd.services.charybdis = { - description = "Charybdis IRC daemon"; - wantedBy = [ "multi-user.target" ]; - environment = { - BANDB_DBPATH = "${cfg.statedir}/ban.db"; - }; - serviceConfig = { - ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}"; - Group = cfg.group; - User = cfg.user; - PermissionsStartOnly = true; # preStart needs to run with root permissions - }; - preStart = '' - ${coreutils}/bin/mkdir -p ${cfg.statedir} - ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir} - ''; - }; - - } - - (mkIf (cfg.motd != null) { - environment.etc."charybdis/ircd.motd".text = cfg.motd; - }) - ]); -} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 85d27459b..e75afad1d 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -17,7 +17,6 @@ let ./buildbot/slave.nix ./build.nix ./cachecache.nix - ./charybdis.nix ./ci.nix ./current.nix ./dns.nix @@ -52,6 +51,7 @@ let ./secret.nix ./setuid.nix ./shadow.nix + ./solanum.nix ./sync-containers.nix ./tinc.nix ./tinc_graphs.nix diff --git a/krebs/3modules/solanum.nix b/krebs/3modules/solanum.nix new file mode 100644 index 000000000..00aefce85 --- /dev/null +++ b/krebs/3modules/solanum.nix @@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) coreutils solanum; + cfg = config.krebs.solanum; + + configFile = pkgs.writeText "solanum.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + krebs.solanum = { + + enable = mkEnableOption "Solanum IRC daemon"; + + config = mkOption { + type = types.str; + description = '' + Solanum IRC daemon configuration file. + ''; + }; + + statedir = mkOption { + type = types.path; + default = "/var/lib/solanum"; + description = '' + Location of the state directory of solanum. + ''; + }; + + user = mkOption { + type = types.str; + default = "ircd"; + description = '' + Solanum IRC daemon user. + ''; + }; + + group = mkOption { + type = types.str; + default = "ircd"; + description = '' + Solanum IRC daemon group. + ''; + }; + + motd = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + Solanum MOTD text. + + Solanum will read its MOTD from /etc/solanum/ircd.motd . + If set, the value of this option will be written to this path. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable (lib.mkMerge [ + { + users.users.${cfg.user} = { + description = "Solanum IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups.${cfg.group} = { + gid = config.ids.gids.ircd; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.solanum = { + description = "Solanum IRC daemon"; + wantedBy = [ "mu